Is identity critical in the quest to make smart cities safe?

Cue the Identify of Things (IDoT)

It's (yet another) buzzword for the IT world, but it does have some validity. "The IDoT is an essential component of the IoT," says Moffat. "While the identity component alone does not make a device smart, without it, a device could be considered dumb," he adds.

However, the identity of 'things' is no more or less important than the identity of the users and administrators of IoT systems; there's no point in securing IoT devices if the system can be overridden.

"To properly manage the authenticity of users, devices and things in today's connected world, authentication needs to be context-aware and continuously assess risk," says Moffat. Put simply, add geographical location to a context-aware advanced identity management system, and no-one in Iran would be able to access something in New York.

"If a questionable or harmful action was attempted – say opening the flood gates during a rainstorm, for instance – additional step-up verification could have been required to carry it out," says Moffat, suggesting that a security code could be sent to a supervisor's mobile phone.

Smart cities like Hong Kong are also rated as the most vulnerable to hackers

Smart cities like Hong Kong are also rated as the most vulnerable to hackers

The real-time smart city

It's not all about safety. As well as making smart city IoT devices safe from hackers, giving everything a unique identifier creates a lot of opportunities. This gives all data coming from that device something hugely valuable to the smart city: context.

"By assigning digital identities to connected devices and things, smart city operators can use real-time data and situational context to personalise public services and better understand how these things are being used," says Moffat.

Gadget makers to blame?

For now, it's commercial buildings that are embracing the IoT and, for now, that's the core concept behind the notion of the smart city, but after 2017 it will be smart homes that dominate the spread of 'things'.

A report in March by anti-malware and mobile security company BullGuard revealed that 72% of people don't know how to protect against hacks and breaches against their IoT devices. "Most of us have been working with internet connected devices such as computers, smartphones and tablets for some time," says Paul Lipman, CEO of BullGuard, "but the IoT is changing our perception of personal security, for both ourselves and our data."

It's not just those who consider themselves 'technophobes' that have these concerns – 22% of people with advanced technical skills are not confident in their ability to keep their connected devices secure.

Hackers could potentially enter embedded systems via RFID devices

Hackers could potentially enter embedded systems via RFID devices (Image Credit: Transport for London)

Large 'attack vector'

Although 'device to cloud' security is seen as essential for smart cities, there's an industry-wide wish that the IoT devices themselves were built with that in mind rather than being churned out at low-cost.

"All devices and services within the IoT need to have identity-based security designed in from the ground up, not just gadgets," says Moffat, who thinks that the mushrooming of IoT devices provides a large 'attack vector'. We all know that the IoT has huge potential to improve nearly every aspect of city living for citizens, but only if IoT devices can be made safe from malicious hackers.

Digital platforms must be able to manage the relationship between users and things safely and securely. With analysts at Gartner estimating that 1.6 billion connected things will be used by smart cities globally this year – a whopping increase of 39% from 2015 – there could be a lot of new digital identities to create.